Description | This article describes how to troubleshoot the FortiWeb 'indexd' service. |
Scope | FortiWeb v7.4.1 or higher. |
Solution |
FortiWeb logging activity involves the 3 services process 'logd', 'indexd' and 'mysqld' The 'indexd' service functions to index the raw logs to the mysql log table mapping, and the FortiWeb GUI Log & Report page will be accessing the log table mapping to display the relative logs.
diagnose debug application indexd 7 diagnose debug enable To disable the debug:
diagnose debug application indexd 0 diagnose debug disable
When the 'indexd' debug is required:
[indexd][04-08-15:51:43][WARNING!][_indexer_process_file][722]: /var/log/fwlog/root/disklog/tlog(2024-03-21-15:31:06).log has no mapping entry [indexd][04-08-15:51:43][INFO][_create_log_table][2244]: database root_index create table 'tlog.3' ok: create table if not exists `tlog.3` (fileid int, offset int, length int, date int, time int, week int, month int, hour int, datetime bigint unsigned, log_id int, msg_id bigint unsigned, type int, subtype int, pri int, proto int,service int,status int default 0,reason int default 0,policy varchar(64),original_src varbinary(16),src varbinary(16),src_port int,dst varbinary(16),dst_port int,http_request_bytes bigint unsigned default 0,http_response_bytes bigint unsigned default 0,http_method int,http_url varchar(512),http_agent varchar(256),msg varchar(128),original_srccountry varchar(64) default 'N/A',srccountry varchar(64) default 'N/A',content_switch_name varchar(64) default 'N/A',server_pool_name varchar(64) default 'N/A',http_host varchar(256) default 'N/A',user_name varchar(128) default 'N/A',http_refer varchar(640) default 'N/A',http_version int default 0,dev_id varchar(64) default 'N/A',http_retcode int default 0,cipher_suite varchar(64) default 'N/A',x509_cert_subject varchar(256) default 'N/A',index date_index(date), index time_index(time), index msg_id_index(msg_id), index week_index(week), index month_index(month), index hour_index(hour), index datetime_index(datetime),index subtype_index(subtype), index pri_index(pri), index service_index(service),index status_index(status),index reason_index(reason),index policy_index(policy),index src_index(src),index dst_index(dst),index http_request_bytes_index(http_request_bytes),index http_response_bytes_index(http_response_bytes),index http_method_index(http_method),index srccountry_index(srccountry),index content_switch_name(content_switch_name),index server_pool_name(server_pool_name),index http_host_index(http_host),index user_name_index(user_name),index http_refer_index(http_refer),index http_version_index(http_version),index dev_id_index(dev_id),index cipher_suite_index(cipher_suite),index x509_cert_subject_index(x509_cert_subject)) engine=innodb default charset=utf8 [indexd][04-08-15:51:43][WARNING!][_process_log_file][1743]: @/var/log/fwlog/root/disklog, mapping table added, 'tlog.3' -> '/var/log/fwlog/root/disklog/tlog(2024-03-21-15:31:06).log'
[indexd][04-08-15:51:36][ERROR!!][indexer_init][239]: cannot connect mysql, try walk around (ret:0), mysqlerr 1:Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)
FortiWeb# exec db rebuild
Related Document: Common troubleshooting methods for issues that Logs cannot be displayed on GUI |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.